<?php

/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

namespace common\rest\filters\auth;

use Yii;
use yii\web\UnauthorizedHttpException;
use yii\filters\auth\QueryParamAuth as BaseModel;
use common\rest\statics\OperationResult;
/**
 * QueryParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class QueryParamAuth extends BaseModel {

    /**
     * @var string the parameter name for passing the access token
     */
    public $tokenParam = 'access_token';

    /**
     * @inheritdoc
     */
    public function authenticate($user, $request, $response) {
        $accessToken = $request->get($this->tokenParam);
        if (is_string($accessToken)) {
            $identity = $user->loginByAccessToken($accessToken, get_class($this));
            if ($identity !== null) {
                return $identity;
            }
        }
        if ($accessToken !== null) {
            $this->handleFailure($response);
        }

        return null;
    }

    public function handleFailure($response) {
        throw new UnauthorizedHttpException(Yii::t("app.c2", 'Your request was made with invalid credentials.'), OperationResult::ERROR_401);
    }

}
